From 8714f17ad66fa29383170ad45b9c150b9818dbdf Mon Sep 17 00:00:00 2001 From: Hans Dedecker Date: Wed, 7 May 2014 09:19:09 +0000 Subject: netifd: Fix node version set after free Fixes an issue where a bridge member will be removed from the bridge upon an interface ifup as the bridge node version -1 is overwritten by vlist_add while the new created bridge member pointer is freed in bridge_member_update Signed-off-by: Hans Dedecker --- bridge.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/bridge.c b/bridge.c index 3edfeaa..fed4de3 100644 --- a/bridge.c +++ b/bridge.c @@ -344,7 +344,11 @@ bridge_create_member(struct bridge_state *bst, struct device *dev, bool hotplug) strcpy(bm->name, dev->ifname); bm->dev.dev = dev; vlist_add(&bst->members, &bm->node, bm->name); - if (hotplug) + // Need to look up the bridge member again as the above + // created pointer will be freed in case the bridge member + // already existed + bm = vlist_find(&bst->members, dev->ifname, bm, node); + if (hotplug && bm) bm->node.version = -1; return bm; -- cgit v1.2.3